😈 [ Elastic Security Labs @elasticseclabs ]
#ElasticSecurityLabs has discovered PUMAKIT, a new #linux #malware with advanced stealth mechanisms. The kernel rootkit is capable of privilege escalation, anti-debugging measures, and more. Get the details here:
🔗 https://www.elastic.co/security-labs/declawing-pumakit/
🐥 [ tweet ]
👍5
😈 [ Tim Willis @itswillis ]
Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and researchers.
Today's installment, @tiraniddo's updated OleView[.]NET 👍
Blog:
🔗 https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
🐥 [ tweet ]
🔥6👍2🍌2
Forwarded from Positive Technologies
In October we announced the development of a new product, PT Dephaze, for automated infrastructure security assessment and penetration testing.
We plan to launch the product in February 2025, and right now we are ready to share interim results with you and show which tools and techniques will be used to carry out the pentests.
During the stream you will see how the product:
At the end of the stream we will talk in detail about the commercial launch and the start of PT Dephaze pilot projects.
#PTDephaze
@Positive_Technologies
🥱20👍6🔥4
😈 [ DeLuks @0xDeLuks ]
After a few weeks of work, here it is, the packer blog-post. Enjoy! :D
🔗 https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
🐥 [ tweet ]
👍5
😈 [ 𝙻𝚊𝚠𝚛𝚎𝚗𝚌𝚎 @zux0x3a ]
I have finally released the ZigStrike toolkit I was working on, which is written in Zig. It comes with several injection methods and a neat web portal to select and build the desired payload.
Give it a try; I used one of its techniques to bypass MDE (detailed in a blog).
Blog:
🔗 https://kpmg.com/nl/en/home/insights/2024/12/zig-strike-the-ultimate-toolkit-for-payload-creation-and-evasion.html
Code:
🔗 https://github.com/0xsp-SRD/ZigStrike
🐥 [ tweet ]
👍11🔥5
😈 [ TrustedSec @TrustedSec ]
For the next installment in his malware blog series, Principal Security Consultant @_snus walks us through using shared memory sections to inject and execute code in a remote process. Read it now!
🔗 https://trustedsec.com/blog/malware-series-process-injection-mapped-sections/
🐥 [ tweet ]
🔥4👍2
😈 [ Jonathan Beierle @hullabrian ]
This is some research that @_logangoins and I have been working on! It covers disabling EDR with WDAC and provides an overview of potential detection and mitigation techniques, as well as a custom tool to perform the attack remotely.
🔗 https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/
🐥 [ tweet ]
🔥10👍3
😈 [ Alex Neff @al3x_n3ff ]
A lot of cool new features for the MSSQL protocol just got merged into NetExec🔥
- RID brute forcing, made by @Adamkadaban
- MSSQL coercion, made by @lodos2005
- 6 new modules abusing MSSQL trusted links, made by deathflamingo
🐥 [ tweet ]
👍17🔥8
😈 [ Simon @TheCyberSimon ]
Greetings Hackers on the web.
For the hackers out there ricing their Linux and crushing @hackthebox_eu challenges, here’s a slick HackTheBox-themed i3 setup.
Credit: BotnetBuddies
Repo:
🔗 https://github.com/botnetbuddies/hackthebox-themes
🐥 [ tweet ]
🔥10👍1
😈 [ Matcluck @doopsec ]
Just released SCCMHound! A BloodHound collector for SCCM. SCCMHound allows both attackers and defenders to construct BloodHound datasets using the vast amount of information that is stored/retrievable through SCCM. Feel free to take it for a spin!
🔗 https://github.com/CrowdStrike/sccmhound
🐥 [ tweet ]
👍13🤔4🥱1
😈 [ sixtyvividtails @sixtyvividtails ]
Small gift for you! 🔺🟦🔺
Code to reliably stop almost any 3rd party Windows security system, via ci!CiValidateFileAsImageType.
No privileges needed at all, user rights are enough. Shall work on most OS: 10 22H2, 11 24H2, WS2022.
But: it requires CI policies (e.g. HVCI/UMCI on).
🐥 [ tweet ]
😢3
😈 [ CCob🏴 @_EthicalChaos_ ]
Sorry folks, I had to remove the Disconnected GPO project from GitHub... but never fear, it has returned as Disconnected RSAT since it now supports the Certificate Authority and Certificate Templates snap-ins in addition to Group Policy support.
🔗 https://github.com/CCob/DRSAT
🐥 [ tweet ]
🔥6👍3
😈 [ НЁХ-редактор @apismenny ]
With titanic effort, fending off the addictive Balatro and the leftovers of work, I finally finished writing the New Year column!
🔗 https://xakep.ru/2024/12/28/xakep-2024/
🐥 [ tweet ]
👍4
All this sex of yours is cool, of course, but have you ever tried the feeling of finalizing the draft report for a successfully completed three-month RT operation deep in the night of December 30th with Burning Chrome in your headphones? It is amazing how closely Gibson, back in distant 1982, managed to describe the characteristic traits of a real (even if simulated in an ethical manner) security breach, while being, by his own account, a guy as far from hacking (and from computers in general) as one can get.
Endless respect to my beloved colleagues from @ptswarm, and happy upcoming New Year to all! 🎄
🎄30👍9🥱1
😈 [ BlackSnufkin @BlackSnufkin42 ]
Tired of switching tools for payload testing? LitterBox - bringing Moneta, PE-sieve & more into one unified platform.
🔗 https://github.com/BlackSnufkin/LitterBox
🐥 [ tweet ]
👍6
😈 [ Burak Karaduman @krdmnbrk ]
Excited to share my new project: AttackRuleMap
This project maps #AtomicRedTeam simulations to open-source detection rules like #SigmaRules and #Splunk ESCU rules (maybe more in the future).
Currently for Windows, with plans to support more platforms.
🔗 https://attackrulemap.netlify.app/
🐥 [ tweet ]
👍10🔥5
😈 [ NSG650 @nsg650 ]
New blog about bootkitting Windows.
Done in collab with @pdawg11239
🔗 https://nsg650.github.io/blogs/29-12-2024.html
🐥 [ tweet ]
👍3🔥3
😈 [ SafeBreach @safebreach ]
Starting 2025 strong! We’ve developed a PoC exploit for CVE-2024-49112. Read the blog and check out the GitHub repo.
Blog:
🔗 https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/
PoC:
🔗 https://github.com/SafeBreach-Labs/CVE-2024-49112
🐥 [ tweet ]
🔥9🥱4👍3🤯2
😈 [ Dirk-jan @_dirkjan ]
Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx.
🔗 https://github.com/dirkjanm/BloodHound.py
🐥 [ tweet ]
I also recently updated the cheatsheet on quickly deploying the "new" BH:
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#setup
🔥10👍4